[Snyk] Fix for 1 vulnerabilities

[marcusrc]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Is it possible to suggest a list of enabled and disabled items, but disabled ones can't be selectable? moroshko/react-autosuggest#860)
• e7525c9 test: nested url (Bump json5 from 1.0.1 to 1.0.2 moroshko/react-autosuggest#859)
• 7259faa test: css hacks (Bump flat and mocha moroshko/react-autosuggest#858)
• 5e6034c feat: allow to filter import at-rules (Bump express from 4.17.1 to 4.18.2 moroshko/react-autosuggest#857)
• 5e702e7 feat: allow filtering urls (Bump qs from 6.5.2 to 6.5.3 moroshko/react-autosuggest#856)
• 9642aa5 test: css stuff (Bump decode-uri-component from 0.2.0 to 0.2.2 moroshko/react-autosuggest#855)
• 3338656 fix: reduce number of require for url (Cannot read properties of undefined (reading 'focus') error on console on mobile use moroshko/react-autosuggest#854)
• 533abbe test: issue 636 (React 18: getSectionSuggestions is called with undefined after selecting suggestion on mobile device moroshko/react-autosuggest#853)
• 08c551c refactor: better warning on invalid url resolution (Bump terser from 4.6.7 to 4.8.1 moroshko/react-autosuggest#852)
• b0aa159 test: issue react autosuggest only populates on page refresh moroshko/react-autosuggest#589 (Bump jsdom from 15.1.1 to 16.5.0 moroshko/react-autosuggest#851)
• f599c70 fix: broken unucode characters (Bump eventsource from 1.0.7 to 1.1.1 moroshko/react-autosuggest#850)
• 1e551f3 test: issue 286 (Standalone build: autosuggest.js should not be minified moroshko/react-autosuggest#849)
• 419d27b docs: improve readme (Bump async from 2.6.3 to 2.6.4 moroshko/react-autosuggest#848)
• d94a698 refactor: webpack-default (Add highlighted data to onKeyDown function moroshko/react-autosuggest#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Is it possible to create a function called on focus event? moroshko/react-autosuggest#845)
• 8a6ea10 refactor: postcss plugins (Bump url-parse from 1.4.7 to 1.5.10 moroshko/react-autosuggest#844)
• fdcf687 fix: url resolving logic (Bump url-parse from 1.4.7 to 1.5.7 moroshko/react-autosuggest#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Bump follow-redirects from 1.11.0 to 1.14.8 moroshko/react-autosuggest#842)
• ee2d253 test: importLoaders option (Bump ajv from 6.12.0 to 6.12.6 moroshko/react-autosuggest#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Bump pathval from 1.1.0 to 1.1.1 moroshko/react-autosuggest#840)
• fe94ebc test: icss reserved keywords (fix: Cannot read properties of undefined (reading 'focus') moroshko/react-autosuggest#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Want to throttle or debounce the fetch call, is it possible to have onSuggestionsFetchRequested not required moroshko/react-autosuggest#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• c4fffbc 8.0.0
• d51f4cf Build: changelog update for 8.0.0
• 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixes #15036) (#15146)
• 2174a6f Fix: require-atomic-updates property assignment message (fixes #15076) (#15109)
• f885fe0 Docs: add note and example for extending the range of fix (refs #13706) (#13748)
• 3da1509 Docs: Add jsdoc `type` annotation to sample rule (#15085)
• 68a49a9 Docs: Update Rollup Integrations (#15142)
• d867f81 Docs: Remove a dot from curly link (#15128)
• 9f8b919 Sponsors: Sync README with website
• 4b08f29 Sponsors: Sync README with website
• ebc1ba1 Sponsors: Sync README with website
• 2d654f1 Docs: add example .eslintrc.json (#15087)
• 16034f0 Docs: fix fixable example (#15107)
• 07175b8 8.0.0-rc.0
• 71faa38 Build: changelog update for 8.0.0-rc.0
• 67c0074 Update: Suggest missing rule in flat config (fixes #14027) (#15074)
• cf34e5c Update: space-before-blocks ignore after switch colons (fixes #15082) (#15093)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081)
• 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` (#14860)
• 7f2346b Docs: Update release blog post template (#15094)
• fabdf8a Chore: Remove `target.all` from `Makefile.js` (#15088)
• e3cd141 Sponsors: Sync README with website
• 05d7140 Chore: document target global in Makefile.js (#15084)
• 0a1a850 Update: include `ruleId` in error logs (fixes #15037) (#15053)

See the full diff

Package name: husky

The new version differs by 11 commits.

• 3abb0b8 0.14.0
• e649c6b 0.14 (Please support input valueLink moroshko/react-autosuggest#142)
• 3ba3c34 Update to handle failed prepare-commit-msg (Quick question regarding browser support moroshko/react-autosuggest#138)
• b136173 Create README.md
• d9a8f01 Update package.json
• 91fd43e Create CHANGELOG.md
• 84025a8 Create CHANGELOG.md
• 333ca98 Correct work with worktrees (How i can add ref for input element? moroshko/react-autosuggest#114)
• 4378d18 Update README.md (Add optional maxLength prop moroshko/react-autosuggest#132)
• 9321e7a Don't load nvm if it's already loaded
• 4bf6014 Update CHANGELOG.md

See the full diff

Package name: lint-staged

The new version differs by 250 commits.

• 885a644 Merge pull request Bump terser from 4.6.7 to 4.8.1 moroshko/react-autosuggest#852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request Bump follow-redirects from 1.11.0 to 1.14.7 moroshko/react-autosuggest#837 from okonet/serial-git-add

See the full diff

Package name: nyc

The new version differs by 182 commits.

• e21721a chore(release): 14.0.0
• 8cf8a89 docs: update issue template [skip ci] (#1008)
• d7a9d6a chore: Update package-lock.json
• 189bae8 chore: Update dependencies for 14.0.0-rc.1
• 2eb13c6 feat: instrument `--complete-copy` implementation (#1056)
• c88a852 docs: `nyc instrument` and `--exclude-node-modules` (#1039)
• c213469 feat: always build the processinfo temp dir (#1061)
• e597c46 feat: Add support for --exclude-node-modules to subcommands. (#1053)
• 8dcf180 feat: add processinfo index, add externalId (#1055)
• 32f75b0 fix: set processinfo pid/ppid to actual numbers (#1057)
• 16d4315 chore: Stop excluding `bin` from coverage results. (#1060)
• b909575 fix: Use a single instance of nyc for all actions of main command. (#1059)
• 997ed29 chore: Remove arrify dependency. (#1058)
• 68d6333 docs: move setup docs out of the readme [skip ci] (#1052)
• 8da097e feat: add `include` and `exclude` options to instrument command (#1007)
• 31817de chore: Update dependencies (#1050)
• 18e04ba fix: make --all work for transpiled code (#1047)
• b7e16cd feat: Support turning off node_modules default exclude via flag (#912)
• 3eb0e37 docs: A bunch of docs fix-ups (#1038)
• 5c1eb38 test(instrument): should return unmodified source if no transform found (#1036)
• 1f6c3d4 docs: project root directory and `--cwd` doc (#1032)
• 051d95a fix: Add `cwd` option to instrument command (#1024)
• 91e02c6 chore: A few code cleanups (#1033)
• 2867538 feat: Rename `plugins` option to `parser-plugins`. (#1031)

See the full diff

Package name: postcss-loader

The new version differs by 104 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (onSuggestionsFetchRequested req.reason doesn't exist in 9.1 moroshko/react-autosuggest#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (onChange: method never picks up on user pressing 'enter' moroshko/react-autosuggest#375)
• 114db12 docs(README): add autoprefixing example (inputProps.onBlur not working on mobile moroshko/react-autosuggest#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (Have onChange include the value if appropriate moroshko/react-autosuggest#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (Query - How to get full list on Focus moroshko/react-autosuggest#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (Bind value of autosuggest component to store value moroshko/react-autosuggest#379)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.